Domain Monitoring Service

What is subdomain takeover?

One common security threat is exposing old subdomain names. When a subdomain still points to a third-party service that is no longer in use, a malicious hacker can register that name with the third party and effectively hijack the subdomain. Some issues have already been published on our blog.

Detectify provides a tool that allows you to monitor subdomains for such vulnerabilities based on your domain names. The Detectify Domain Monitoring Service continuously monitors changes within public DNS resolvers and warns you as soon as it detects any anomalies.

How to get up and running

To be able to use this service we need two things:

The verified domain that we should monitor (for subdomain takeovers). For example, if the customer wants to look for subdomain takeovers on example.com we will find them on *.example.com but not on example2.com, even if the customer owns that domain and it is served by the same DNS.

An email address to send alerts to (future releases will have more options).

There are two scenarios for using our service.

Provide us with subdomains

Subdomains from a DNS master file

The customer needs to provide us with the master file for their DNS. This file contains the subdomains they want us to monitor. Initially they need to send us this file via email.

The file must either contain an "$ORIGIN" row, or we need to know the root origin for the master file (this is most likely the domain they want to monitor, so example.com if they want to look for subdomain takeovers under that).
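The following Python example is added here for illustration and is not Detectify's code. It shows why the origin matters: relative names in a master file can only be resolved against an "$ORIGIN" row or a supplied root origin, and only CNAMEs under the monitored domain that point outside it are reported. The sample zone and the names `absolute`, `external_cnames` and `root_origin` are constructed; it assumes one record per line, numeric TTLs, and no `$INCLUDE` or parenthesised multi-line records.

```python
# Added example: constructed zone data, not taken from a real DNS server.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@       IN SOA ns1 hostmaster 1 7200 900 1209600 3600
@       IN NS  ns1
www     IN A   192.0.2.10
shop    IN CNAME shops.thirdparty.example.net.
blog    300 IN CNAME www
docs.example2.com. IN CNAME pages.thirdparty.example.net.
$ORIGIN dev.example.com.
api     IN CNAME apps.thirdparty.example.net. ; staging
"""

CLASSES = {"IN", "CH", "HS"}

def absolute(name, origin):
    """Turn a master-file name into a fully qualified, lower-case name."""
    if name.endswith("."):
        return name.lower()
    if origin is None:
        raise ValueError("relative name, but no $ORIGIN row and no root origin given")
    return origin if name == "@" else f"{name}.{origin}".lower()

def external_cnames(zone_text, monitored, root_origin=None):
    """Return (owner, target) for CNAMEs under `monitored` that point outside it."""
    monitored = monitored.lower().rstrip(".") + "."
    origin = root_origin.lower().rstrip(".") + "." if root_origin else None
    owner, found = None, []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comments, tokenise
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = absolute(fields[1], origin)   # later names resolve against this
            continue
        if fields[0].startswith("$"):
            continue                               # $TTL and other directives
        if not raw[0].isspace():                   # a blank owner repeats the previous one
            owner = absolute(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)                          # optional TTL and class
        if owner is None or len(fields) < 2 or fields[0].upper() != "CNAME":
            continue
        target = absolute(fields[1], origin)
        inside = lambda n: n == monitored or n.endswith("." + monitored)
        if owner.endswith("." + monitored) and not inside(target):
            found.append((owner, target))
    return found
```

Calling `external_cnames(SAMPLE_ZONE, "example.com")` returns the `shop` and `api.dev` records; the `docs.example2.com.` record is skipped because it is not under example.com, and `blog` is skipped because its target stays inside the zone.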

Get subdomains from a DNS zone transfer (AXFR)

The customer needs to whitelist our external IPs in their DNS for zone transfers. How to do this depends on what DNS they are running, but it should be among the DNS settings.

As a second step, we need an address or IP for the name server we should use and the zone that we should transfer (most likely the domain they want to monitor, so example.com if they want to look for subdomain takeovers under that).

Detectify finds subdomains

In this scenario the customer doesn't have to provide us with any additional information. We will use a combination of techniques to try to enumerate the subdomains.

Would you like to know more?

If you are interested in knowing more about the Detectify Domain Monitoring Service, just reach out to us via our Request a live demo page.